unbound fail after upgrade Ubuntu from 17.10 to 18.04

Bernard Drozd bernid at interia.pl
Sun Apr 29 18:54:52 UTC 2018

I have an issue with Unbound after upgrading Ubuntu from 17.10 to 18.4. 
Currently Unbound doesn’t work and I receive message:

ela at akacja:~$ sudo systemctl status unbound
● unbound.service - Unbound DNS server
   Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2018-04-29 20:33:50 CEST; 23s ago
     Docs: man:unbound(8)
  Process: 14880 ExecStart=/usr/sbin/unbound -d $DAEMON_OPTS (code=exited, status=1/FAILURE)
  Process: 14856 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited,
  Process: 14846 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SU
Main PID: 14880 (code=exited, status=1/FAILURE)

Apr 29 20:33:50 akacja systemd[1]: unbound.service: Service hold-off time over, scheduling restart.
Apr 29 20:33:50 akacja systemd[1]: unbound.service: Scheduled restart job, restart counter is at 5.
Apr 29 20:33:50 akacja systemd[1]: Stopped Unbound DNS server.
Apr 29 20:33:50 akacja systemd[1]: unbound.service: Start request repeated too quickly.
Apr 29 20:33:50 akacja systemd[1]: unbound.service: Failed with result 'exit-code'.
Apr 29 20:33:50 akacja systemd[1]: Failed to start Unbound DNS server.

Please advice what to do. 

my unbound.conf:
     # Common Server Options
     chroot: ""
     directory: "/etc/unbound"
    # username: "nobody"
     port: 53
     do-ip4: yes
     do-ip6: no
     do-udp: yes
     do-tcp: yes
     so-reuseport: yes
     do-not-query-localhost: yes

     # System Tuning
     include: "/etc/unbound/tuning.conf"

     # Logging Options
     verbosity: 1
     use-syslog: yes
     log-time-ascii: yes
     log-queries: no

     # Unbound Statistics
     statistics-interval: 0
     statistics-cumulative: yes
     extended-statistics: yes

     # Prefetching
     prefetch: yes
     prefetch-key: yes

     # Randomise any cached responses
     rrset-roundrobin: yes

     # Privacy Options
     hide-identity: yes
     hide-version: yes
     qname-minimisation: yes
     minimal-responses: yes

     # DNSSEC
     auto-trust-anchor-file: "/var/lib/unbound/root.key"
     val-permissive-mode: no
     val-clean-additional: yes
     val-log-level: 1

     # Hardening Options
     harden-glue: yes
     harden-short-bufsize: no
     harden-large-queries: yes
     harden-dnssec-stripped: yes
     harden-below-nxdomain: yes
     harden-referral-path: yes
     harden-algo-downgrade: no
     use-caps-for-id: no

     # Listen on all interfaces
     interface-automatic: yes

     # Allow access from everywhere
     access-control: allow

     # Bootstrap root servers
     root-hints: "/usr/share/dns/root.hints"

     # Include DHCP leases
     #include: "/etc/unbound/dhcp-leases.conf"

     # Include any forward zones
     #include: "/etc/unbound/forward.conf"

     control-enable: yes
     control-use-cert: yes
     server-key-file: "/etc/unbound/unbound_server.key"
     server-cert-file: "/etc/unbound/unbound_server.pem"
     control-key-file: "/etc/unbound/unbound_control.key"
     control-cert-file: "/etc/unbound/unbound_control.pem"

# Import any local configurations
#include: "/etc/unbound/local.d/*.conf"

and /etc/unbound/tuning.conf:

num-threads: 1
so-reuseport: yes
infra-cache-slabs: 1
key-cache-slabs: 1
msg-cache-slabs: 1
rrset-cache-slabs: 1
rrset-cache-size: 64m
msg-cache-size: 32m
key-cache-size: 32m
outgoing-range: 8192
num-queries-per-thread: 4096
so-sndbuf: 4m
so-rcvbuf: 4m

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180429/0dd159b8/attachment.htm>

More information about the Unbound-users mailing list